Privacy Policy

1. Data Controller

Andreas Reis, Marstallstraße 47/1, 73033 Göppingen, Germany, Email: info@talura.app. For inquiries regarding data processing on the Talura platform and to exercise your data subject rights under Art. 15 et seq. GDPR, please use the same address.

1a. Role as Data Processor

Talura is a B2B platform for AI voice agents. Where our customers (businesses) use the platform to serve their callers, we process the personal data of those callers exclusively on behalf of and under the instructions of the respective customer within the meaning of Art. 28 GDPR. The data controller for these processing activities is exclusively the customer (the business operating the AI voice agent). We have concluded a Data Processing Agreement pursuant to Art. 28 GDPR with all of our customers.

This privacy policy applies exclusively to data collected during use of our website talura.app itself (visits, registration, login, contract management, invoicing). For inquiries regarding a specific AI voice conversation, data subjects should contact directly the company whose agent they called — typically the company whose name was stated by the agent at the beginning of the conversation.

2. Overview of Data Processing

We only process personal data of our users to the extent necessary to provide a functional platform, our content, and services. Talura is a B2B platform for AI voice agents.

Types of data processed: Master data (e.g., names, addresses), contact data (e.g., email, phone number), content data (e.g., form inputs), usage data (e.g., pages visited, access times), meta/communication data (e.g., device information, IP addresses), voice data (audio data from AI voice conversations), payment data.

Purposes of processing: Providing the platform and its functions, operating AI voice agents, contract processing, responding to contact requests, web analytics to improve the service, security.

3. Legal Basis

• Consent (Art. 6(1)(a) GDPR) – The data subject has given consent to the processing.
• Contract performance (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract.
• Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary to comply with a legal obligation.
• Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of legitimate interests pursued by the controller.

4. Server Log Files

The server provider automatically collects and stores information in server log files that your browser transmits automatically: browser type and version, operating system, referrer URL, hostname of the accessing computer, IP address, time of the server request. This data is automatically deleted after a maximum of 30 days.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure and efficient provision of the website).

5. SSL/TLS Encryption

This site uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the browser address line changing from "http://" to "https://" and by the lock symbol in your browser bar.

6. Cookies

We only use technically necessary cookies:

• NEXT_LOCALE – NEXT_LOCALE – Stores the preferred language (German/English). Technically necessary. Expires: 1 year.
• Session Cookies – Session Cookies – For authentication and session management after login. Technically necessary. Expires: end of session.
• talura-theme – talura-theme (localStorage) – Stores the preferred display mode (light/dark). Technically necessary. Not a cookie, but local storage.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the technically flawless provision of the website).

Web Analytics (Umami)

We use self-hosted Umami analytics. No cookies, no IP addresses, no personal data stored. Data on our own EU server. Opt-out via Do Not Track.

• Hosting: The Umami instance runs on our own server in the EU (IONOS, Berlin/Germany) and is accessible at talura.app/analytics.
• No cookies: Umami does not set cookies and does not use local storage.
• No personal data: No IP addresses are stored. Visitors are counted via an anonymous hash that does not allow identification of individuals.
• Data collected: Page views, referrer, browser type, operating system, device type, screen resolution, language setting, and country (derived from IP, IP is not stored).
• No cross-site tracking: No cross-site tracking takes place.

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest)

Opt-out: You can prevent tracking by Umami by enabling the "Do-Not-Track" setting in your browser. Umami respects this signal.

7a. Cookie Consent Tool

This website uses a so-called "cookie consent tool" to obtain effective user consent for cookies and cookie-based applications that require consent. The cookie consent tool is displayed to users as an interactive interface when they access the site, on which consent for specific cookies and/or cookie-based applications can be granted by ticking boxes. By using this tool, all cookies/services requiring consent are only loaded if the user has granted appropriate consent. This ensures that such cookies are only placed on the user's device if consent has been given.

The tool places technically necessary cookies to store your cookie preferences (LocalStorage key "talura-cookie-consent"). In principle, no personal user data is processed in this context.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in legally compliant, user-friendly consent management) and Art. 6(1)(c) GDPR (legal obligation to make the use of non-essential cookies dependent on user consent).

7b. Google Web Fonts

This site uses so-called web fonts from the following provider for consistent font rendering: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. When a page is accessed, your browser loads the required web fonts into its browser cache in order to display text and fonts correctly, and establishes a direct connection to the provider's servers. In this process, certain browser information, including your IP address, is transmitted to the provider. Data may additionally be transferred to Google LLC, USA.

The processing of personal data in the course of connecting with the font provider is only carried out if you have given us your explicit consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time with effect for the future by disabling this service via the cookie consent tool provided on the website. If your browser does not support web fonts, a standard font from your computer will be used.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission. More information on Google's privacy practices: https://business.safety.google/intl/en/privacy/

8. Contact via Email

When you contact us by email, the data you provide (e.g., name, email address, message content) will be stored by us to process your inquiry. We delete this data after storage is no longer necessary, or restrict processing if legal retention obligations apply.

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest).

9. Hosting

This website is hosted by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. The servers are located in Germany. IONOS processes personal data arising from the use of the website on our behalf based on a data processing agreement pursuant to Art. 28 GDPR.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reliable and secure provision of the website).

10. AI Voice Agents and Voice Data Processing

The core purpose of Talura is to provide AI voice agents. When using the voice agents, the following data is processed:

Processed Data

• Audio data: Voice recordings during a conversation with the AI agent are temporarily processed and forwarded to the speech-to-text service for transcription. Audio data is not permanently stored.
• Transcripts: The text-based conversion of spoken content is stored and used for response generation.
• Metadata: Call duration, timestamps, phone number (for phone calls), agent ID, and customer ID are stored for billing and analytics purposes.

Legal basis: Art. 6(1)(b) GDPR (contract performance) or Art. 6(1)(f) GDPR (legitimate interest of the customer in using AI voice agents). At the start of every AI voice conversation, the caller is informed pursuant to Art. 50 EU AI Act that they are interacting with an AI voice system.

Where special categories of personal data within the meaning of Art. 9 GDPR are processed in individual cases (e.g., health data on a medical hotline), the customer as the controller is responsible for ensuring a separate legal basis (such as Art. 9(2)(a) or (h) GDPR) and for informing data subjects accordingly.

11. External Services and Sub-processors

The following external services are used for operating AI voice agents, which are independently booked by the customer:

Twilio (Telephony)

Provider of telephony services (SIP, phone numbers). Twilio processes phone numbers, call data, and audio data. Headquarters: USA. Data protection: EU-US Data Privacy Framework.

Deepgram (Speech-to-Text)

Provider for speech-to-text. Deepgram processes audio data for transcription. Headquarters: USA. Data protection: EU-US Data Privacy Framework.

ElevenLabs (Text-to-Speech)

Provider for text-to-speech (voice synthesis). ElevenLabs processes text data for audio generation. Headquarters: USA/UK. Transfers rely on EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) and the UK adequacy decision.

Groq / Google / Anthropic (AI Language Models)

Providers of AI language models (LLMs) for response generation. These services process conversation context to generate responses. Headquarters: USA. Transfers: Anthropic and Groq are certified under the EU-US Data Privacy Framework; Google Gemini also falls under the EU-US Data Privacy Framework.

Legal basis: Art. 6(1)(b) GDPR (contract performance). The customer independently contracts with these providers and is responsible for compliance with data protection regulations in the context of their use.

12. Supabase (Database)

We use Supabase as our database system. The Supabase instance is self-hosted and located on the same EU server (IONOS, Germany) as the application. No data is transmitted to external Supabase servers.

13. Redis (Session Caching)

We use Redis for caching session data. The Redis instance is self-hosted and located on the same EU server. Cached session data is automatically deleted when the session expires.

14. Data Subject Rights

You have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR) – You can request information about the personal data we process.
• Right to rectification (Art. 16 GDPR) – You can request the correction of inaccurate data or the completion of your data.
• Right to erasure (Art. 17 GDPR) – You can request the deletion of your data, provided no legal retention obligations exist.
• Right to restriction of processing (Art. 18 GDPR) – You can request the restriction of processing of your data.
• Right to data portability (Art. 20 GDPR) – You can request that we provide your data in a structured, commonly used, and machine-readable format.
• Right to object (Art. 21 GDPR) – You can object to the processing of your data at any time if processing is based on Art. 6(1)(f) GDPR.
• Right to withdraw consent (Art. 7(3) GDPR) – If you have given consent, you can withdraw it at any time with effect for the future.

To exercise your rights, please contact: info@talura.app

15. Right to Lodge a Complaint

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. The competent authority for us is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Lautenschlagerstraße 20, 70173 Stuttgart
https://www.baden-wuerttemberg.datenschutz.de

Changes to this Privacy Policy

We reserve the right to update this privacy policy as needed.